I posted a similar thread in the DNN forums and was wondering if anyone here had any sort of idea as to how I could acheive this. Bascially DNN uses forms authentication and in the ApplicationBeginRequest, security credentials are checked and created. These credentials are cookie based.

I have certain DNN modules that when initialized, check properties to see if certain objects related to the modules exist in the session. if the objects do not exist in the session, I create them in the property accessors and stuff them in the session.

if the user logs out (using the security controls / skin objects provided by the dnn core) and leaves the browser open, the objects in the session should be dumped. I cannot seem to find an event that I can hook to in the core, and I really dont want to change the core.

How should I accomplish this? Should I implement an httphandler or something like this?

Ultimately what I really need is this this pseudo code :

if (Request.IsAuthenticated == false )
Session.Clear()

But, I need to do it globally, without changing the DNN CORE.

Please advise

I don't think it is possible to clear session the way you want it. You will need to add Session.Clear() in the Page_Load method() of Logoff.aspx and recompile the core. Just log all the core changes in a seperate file so you can use it for your future integrations. Thanks.

well actually, the context user info and roles as well as a users forms authentication ticket (a cookie) are set in the Dnn Membership module, which is a class that implements IHttpModule, so I was going to look at calling Session.Clear from another http module. I thing this might work.